Making PirateBox less confusing / Plugin Bug Thread

I tried out piratebox in a public area where I could hear comments. There was no internet access in the area, so many people joined the network looking for the Internet. 2 problems followed.

Many people were technically unsophisticated and didn't realize that you can have Wifi without the Internet. They also didn't think to read the README, or didn't understand the part about not being connected.

Many of their devices didn't understand that they weren't on the internet. Several applications managed to automatically start file uploads. It looks to me like there was some toolbar or plugin that acted on the droopy page. I didn't have a sniffer installed to debug, but the automated cell phones uploaded dozens of partial files. Below I've pasted in some samples, with anything that could be a useful cookie redacted with 1111s and AAAAs .

The mobiles would upload a new partial file every few minutes. Some had names, cookies and other things that aren't good to have lying around on a piratebox.

Unknown source, but has real looking cookies in it.

Language: PHP
{"data":{"cookie":[{"name":"fc821","value":"ref=1111111&ao11111=&ao1111=17j"},{"name":"fc822","value":"ref=111111&
ao1111=pt,1,1&ao111=4&cr1111=yn,aI"},{"name":"AA","value":"11111"},{"name":"i111111111-cAAAAA","value":"x"},{"name":"u","value":"AAAA--AAA_AAA"}],"encData":"AAA==","placement":"","publisher":"i111111111-cAAAAA","type":"tq","userAgentInfo":{"Build":"1.13.0.7924","Carrier":"TMobile","Density":"High","Device":"SGHT839","DeviceFamily":"samsung","MCC":"310","MNC":"26","Platform":"Android","PlatformVersion":"2.2.1","ScreenResolution
":"480x800","androidDensityID":"240","v":"1","webUserAgent":"Mozilla/5.0 (Linux; U; Android 2.2.1; en-us; SGH-T839 Build/
FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"},"zone":"1111111"}}

ASTRO file manager. [play.google.com]
Uploaded LOTS of 1 line documents. Can't tell if someone was trying to upload interactively, or if it was polling some other site.

This one looks like some facebook overlay?

age, pic_square, pic, page_url FROM page WHERE page_id IN (SELECT target_id FROM #checkins WHERE target_type = 'page')","
apps":"SELECT app_id, display_name FROM application WHERE app_id IN (SELECT app_id FROM #checkins) AND is_facebook_app =
0 AND app_id != 0","posts":"SELECT source_id, actor_id, message, target_id, attribution, attachment FROM stream WHERE pos
t_id IN (SELECT post_id FROM #checkins)","albums":"SELECT aid, name, cover_pid, modified_major, owner, size, type FROM al
bum WHERE aid IN (SELECT aid FROM #photos)","photos":"SELECT pid, aid, owner, position, caption, src_big, src_big_width,
src_big_height, src, object_id FROM photo WHERE pid in

I have a proposed solution for both problems
1) Don't expose temp files during upload ( True of current version?).
2) Ditch the current redirect in favor of a 2 step process. .
Set up two webservers on the piratebox at 2 different IPs (1 and 2). Piratebox.lan on IP 1. All other DNS resolves to IP 2. IP 2 doesn't have any CGI, it just serves a static page explaining the project & a manual link to redirect people to piratebox.lan.

That should keep devices from automatically uploading, and gives humans a better chance of figuring out what is going wrong.

Thoughts? If it seems worth doing, I'll start tweaking.

Hi,
wow ok. I havent't this problem today, but no one is using my box ;(

With lighttpd it works quite different:
Every 404 (page not found) will do a hardcoded redirect to the landing-page.
Upload bar is located on a different port

I enabled the access.log for debugging (it is not installed (yes not installed) on default) and saw a lot of the stuff from different mobile phone clients.. but no junk in the upload.

Maybe we can solve this issue soon.

Matthias

I wonder if buggy clients will follow the redirect? That's why I thought of serving a page that would need a human to leave.

I can create a link on the redirection Page. This is no problem

Are you thinking about a javascript / refresh redirect or a 301 permanent redirect? I worry that the stupid mobiles would simply follow the 301.

It is a simple redirect with HTML in <head>